The most widely used part of the Internet is the World Wide Web, often abbreviated “WWW” or simply referred to as just “the Web”. The Web is an Internet service that organizes information through the use of hypermedia. The HyperText Markup Language (“HTML”) is typically used to specify the content and format of a hypermedia document (e.g., a Web page).
Each Web page can contain embedded references, referred to as “links”, to images, audio, video or other Web pages. The most common type of link used to identify and locate resources on the Internet is the Uniform Resource Locator, or URL. In the context of the Web, a user, using a Web browser, browses for information by selecting links that are embedded in each Web page.
When accessing certain Web sites, it may be necessary for a user to enter a user identifier and password before being permitted to access data via that Web site specific to that user. For example, most financial institutions, investment companies, and other service-providing entities, including, but not limited to on-line shopping Web sites, permit a user (or client of the entity) to access his or her account(s) via the Internet. For obvious reasons, each access is predicated on the user entering certain user-specific information prior to obtaining access the user's account. For example, to set up an on-line account, a user may be required to provide certain user-specific information such as, for example, a user identifier and password. Once that user-specific information is provided and an on-line account is established, the user may only access his or her on-line account by providing the user-specific information as part of a login process. Still further, after the user has initially authenticated, cookies or tokens appended to messages transmitted by the user may be used by the remote server to allow the user to gain access to subsequent information.
Additionally, it is not uncommon for users to share a computer, especially in households. For example, each member of the household might have an on-line Yahoo! account and might use the same computer to access each individual account. On the other hand, a user might maintain a plurality of on-line accounts either at the same web site or different web sites. For example, a user might have multiple on-line Yahoo! Accounts. While it is conceivable that a user may use the same login identifier and passwords for each of the plurality of Web sites, such a practice is not recommended. In fact, a more desirable and recommended practice is to use different login identifiers and password for each on-line account. That will increase security of the user's on-line accounts and reduce the possibility of unauthorized access to those accounts if someone happens to obtain one of the user's login identifiers and passwords. However, using different login identifiers and passwords for each on-line account present its own problems; not the least of which is remembering each login identifier and password.
A major type of internet fraud today is known as phishing. Phishing typically involves the practice of obtaining confidential information such as usernames and passwords through the manipulation of legitimate users. Typically, the confidential information is a user's password, credit card details, social security number, or other sensitive user information. Phishing may be carried out by masquerading as a trustworthy person, Web site, or business. In one approach, a message, such as an email or instant message, may be sent to an unsuspecting user. The message may include a link or other mechanism that links to an illegitimate source. In another approach, a webpage that may appear to be legitimate is provided to the user. However, the webpage is designed to trick the user into providing their confidential information. Such Web pages may relate to account login sites, credit card entry sites, or the like.
The false site typically contains a request for the individual's password, credit card, social security number, or other personal information. This information, if given by the individual, is then submitted to the person posing as the bank or popular Web site. Once the unsuspecting user enters their information, the phisher may be able to obtain the sensitive information and use it to create fake accounts in a victim's name, ruin the victim's credit, make purchases under the victim's name, sell the information to others, perform acts under the victim's identity, or even prevent the victim from accessing their own money and/or accounts.